Re: OpenBSD SSH in potato.

2000-02-11 Ethan Benson
On Fri, Feb 11, 2000 at 01:47:11AM +0800, Ronald Tin wrote:
> I just noticed a strange thing
>
> In the default /etc/ssh/sshd_config there is a line ServerKeyBits 768,
> however, the post-installation script creates a key with 1024 bits.
>
> I thought the ServerKeyBits option should correspond to
> the host key as generated by the script?
>
> Is it a bug, or did I misunderstand something?

different keys, the hostkey is used to verify the host is who it says
it is, how that works is the first time a client connects it's given
the public host key (it would be more secure to get this directly from
the admin but...) the client then encrypts a random token with that
public key and sends it to the server, if the server sends the
decrypted token back the client knows the server is who it says it is
(this of course assumes you did not get a bogus public key in the
first place)

ServerKeyBits refers to the encryption key that is generated on the
fly when sshd starts, it's used to actually encrypt the session traffic.
it's never saved to disk and is regenerated every hour or so (defined
in sshd_config as well)

-- 
Ethan Benson
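
The two keys discussed in this thread, as an added example that is not part of either post or of OpenSSH's code: in SSH protocol 1 the client encrypts the session key under both the ephemeral server key and the long-lived host key, so the server needs both private halves to recover it. The sketch assumes textbook RSA without the protocol's padding or session-id mixing, and all function names are hypothetical.

```python
# Added illustration (assumption: textbook RSA, no padding; not OpenSSH code).
import secrets

def is_probable_prime(n, rounds=20):
    """Miller-Rabin test; callers pass large odd candidates only."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(
                pow(x, 2 ** r, n) != n - 1 for r in range(1, s)):
            return False
    return True

def rsa_keygen(bits, e=65537):
    """Return (n, e, d); the modulus n has exactly `bits` bits."""
    def prime(k):
        while True:
            p = secrets.randbits(k) | (3 << (k - 2)) | 1  # top two bits set, odd
            if p % e != 1 and is_probable_prime(p):
                return p
    p, q = prime(bits // 2), prime(bits - bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def client_wrap(session_key, host_pub, server_pub):
    """Client: encrypt under the smaller modulus first, then the larger."""
    inner, outer = sorted([host_pub, server_pub])  # (n, e) tuples sort by n
    return pow(pow(session_key, inner[1], inner[0]), outer[1], outer[0])

def server_unwrap(blob, host_key, server_key):
    """Server: both private keys are needed; undo the larger modulus first."""
    inner, outer = sorted([host_key, server_key])  # (n, e, d) tuples
    return pow(pow(blob, outer[2], outer[0]), inner[2], inner[0])

def demo():
    host = rsa_keygen(1024)   # long-lived host key, generated once and stored on disk
    server = rsa_keygen(768)  # ServerKeyBits 768: memory only, regenerated periodically
    session_key = secrets.randbits(256)
    blob = client_wrap(session_key, host[:2], server[:2])
    recovered = server_unwrap(blob, host, server)
    # After regeneration the old server key is gone: host key + new key fail.
    stale = server_unwrap(blob, host, rsa_keygen(768))
    return session_key, recovered, stale

if __name__ == "__main__":
    key, recovered, stale = demo()
    print("recovered:", recovered == key, "| after regeneration:", stale == key)
```

The `stale` result shows why the server key is kept off disk and rotated: once it is discarded, a recorded key exchange cannot be opened with the host key alone.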


OpenBSD SSH in potato.

2000-02-10 Ronald Tin
I just noticed a strange thing

In the default /etc/ssh/sshd_config there is a line ServerKeyBits 768,
however, the post-installation script creates a key with 1024 bits.

I thought the ServerKeyBits option should correspond to
the host key as generated by the script?

Is it a bug, or did I misunderstand something?